Re: [webauthn] CollectedClientData.crossOrigin not referenced in RP ops (#2113)

Serialization requires `crossOrigin`, so the conditional "if" is not needed:

If _C_.[`crossOrigin`](https://w3c.github.io/webauthn/#dom-collectedclientdata-crossorigin) is set to `true`, verify that the [Relying Party](https://w3c.github.io/webauthn/#relying-party) expects that this credential would have been created within an iframe that is not [same-origin with its ancestors](https://w3c.github.io/webappsec-credential-management/#same-origin-with-its-ancestors).

Related, should `topOrigin` validation be a sub-step since it should never be set when `crossOrigin` is `false`?

-- 
GitHub Notification of comment by zacknewman
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2113#issuecomment-2273722313 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 August 2024 15:17:49 UTC
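
The check discussed in the comment above, sketched as Relying Party code. This is an added example, not part of the original comment or of the WebAuthn specification; `checkFraming`, the `policy` fields `allowCrossOrigin` and `allowedTopOrigins`, and the `.example` origins are assumptions made for illustration. It also assumes a strict RP that rejects a cross-origin ceremony with no `topOrigin`.

```javascript
// Added example: Relying Party check of crossOrigin / topOrigin.
// checkFraming and the policy fields are hypothetical names.
function checkFraming(clientDataJSON, policy) {
  let c;
  try {
    c = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch {
    return { ok: false, reason: "clientDataJSON is not valid JSON" };
  }
  if (c === null || typeof c !== "object" || Array.isArray(c)) {
    return { ok: false, reason: "clientDataJSON is not an object" };
  }
  // Premise of the comment: serialization always writes crossOrigin,
  // so it is checked unconditionally (a missing value is rejected here).
  if (typeof c.crossOrigin !== "boolean") {
    return { ok: false, reason: "crossOrigin missing or not boolean" };
  }
  const hasTop = Object.prototype.hasOwnProperty.call(c, "topOrigin");
  if (!c.crossOrigin) {
    // topOrigin only makes sense for a cross-origin ceremony.
    return hasTop
      ? { ok: false, reason: "topOrigin set while crossOrigin is false" }
      : { ok: true, reason: "same-origin ceremony" };
  }
  if (!policy.allowCrossOrigin) {
    return { ok: false, reason: "cross-origin ceremony not expected" };
  }
  // Sub-step: the embedding page must be one the RP expects.
  // Strict choice of this example: a missing topOrigin is rejected.
  if (typeof c.topOrigin !== "string" ||
      !policy.allowedTopOrigins.includes(c.topOrigin)) {
    return { ok: false, reason: "topOrigin not in the RP allow-list" };
  }
  return { ok: true, reason: "expected cross-origin ceremony" };
}

// Constructed sample inputs (not captured from a real ceremony).
const encode = (o) => Buffer.from(JSON.stringify(o), "utf8");
const base = { type: "webauthn.create", challenge: "c2FtcGxl",
               origin: "https://rp.example" };
const policy = { allowCrossOrigin: true,
                 allowedTopOrigins: ["https://shop.example"] };

console.log(checkFraming(encode({ ...base, crossOrigin: false }), policy));
console.log(checkFraming(encode({ ...base, crossOrigin: true,
  topOrigin: "https://shop.example" }), policy));
```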